SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 10-15-12, 06:07 PM   #1
Rhodes
Silent Hunter
 
Join Date: Aug 2005
Location: Figueira da Foz, Portugal
Posts: 4,515
Downloads: 110
Uploads: 0
Beware the new mozilla firefox version? Beware the old one also!

Well, as the title says, I got a damn virus in my pc today and apparently "by" firefox.
From the beginning: I use both ie and firefox, the latter to go here and other sites (blogs, etc; has advantages, the dictionary, etc). Not going to be the ie vs firefox thing. This afternoon I was working in powerpoint, surfing the web with both explorers, and got a message from the AV (I use nod32 5.*) that there was a suspicious thing (the message is below) and the options were to clean and no action. I clicked clean but nothing, and at the same time, got the message that my firewall is disabled.
I thought "What?", went to check and my connection did not have the firewall on. Then the AV displayed the message of a trojan (explorer.exe+some random number). Great, I had one of those 2 weeks ago, so did what I did back then. Restore the system and let the AV get the bugger in the system restore files.
Did this and ok, fine, turned on ie and nothing. Turned on firefox, got it all over again. Great... some script that came through firefox or something. After doing it all over, and running everything, got no messages of virus. Uninstalled firefox and using ie now, typing this.

But now I am getting AV messages that the trojan that I had two weeks ago is trying something, the AV program is putting the exe files in quarantine and I am deleting them. Going to see if I can see what keys are in the registry and try to delete the bugger.


Here is the 1st message I got:
15-10-2012 17:30:34 Real-time file system protection file C:\Documents and Settings\Administrador\Application Data\Mozilla\Firefox\Profiles\a8q8l8ym.default\user.js JS/SecurityDisabler.A.Gen potentially unwanted application cleaned by deleting -
Rhodes is offline   Reply With Quote
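
Added example, not part of the original post: Firefox reads `user.js` from the profile folder on every start and applies its `user_pref(...)` lines over the saved preferences, so a `user.js` the user did not create is worth reading before it is deleted. The Python script below lists what each profile's `user.js` sets and marks preferences under a few security-related prefixes; the prefix list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: prefixes treated as security-relevant for this illustration.
WATCHED_PREFIXES = ("security.", "network.proxy.", "browser.safebrowsing.")
# Preference lines have the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;')

def parse_user_js(text):
    """Return (name, raw_value) for each active user_pref() line."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)  # lines starting with // never match
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs

def audit_profiles(profiles_dir):
    """Report every preference set by a user.js in any profile under profiles_dir."""
    findings = []
    for user_js in sorted(Path(profiles_dir).glob("*/user.js")):
        text = user_js.read_text(encoding="utf-8", errors="replace")
        for name, value in parse_user_js(text):
            findings.append({"profile": user_js.parent.name, "pref": name,
                             "value": value,
                             "watched": name.startswith(WATCHED_PREFIXES)})
    return findings

def demo():
    """Audit a constructed profile tree (sample data, not the file from the thread)."""
    sample = (
        '// user_pref("commented.out", true);\n'
        'user_pref("security.warn_submit_insecure", false);\n'
        'user_pref("network.proxy.type", 1);\n'
        'user_pref("browser.startup.homepage", "about:blank");\n'
    )
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "example.default"
        profile.mkdir()
        (profile / "user.js").write_text(sample, encoding="utf-8")
        return audit_profiles(tmp)

if __name__ == "__main__":
    for f in demo():
        tag = "REVIEW" if f["watched"] else "info  "
        print(tag, f["profile"], f["pref"], "=", f["value"])
```

To check a real machine, pass `audit_profiles` the Firefox `Profiles` directory, the parent of the `a8q8l8ym.default` folder in the log line above.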
Old 10-15-12, 06:50 PM   #2
the_tyrant
Admiral
 
Join Date: Jun 2010
Location: Canada
Posts: 2,272
Downloads: 58
Uploads: 0

You know, this is why I hate firefox now.

Their quality standards are slipping, seriously. This "rapid release schedule" is killing firefox.

First of all, no enterprise would use their "rapid release" products. A new version every 6 weeks? The IT people will fight to the death to block that.

Secondly, their quality is slipping. Bugs slip through, performance is bad, etc.

If you want to use firefox, consider the long term support version: http://www.mozilla.org/en-US/firefox/organizations/

Say what you want about IE, Microsoft does continuously support their browsers. Even IE6 is still getting patches and fixes (support is ending in 2014 I believe), whereas firefox 15 has been abandoned......
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us
the_tyrant is offline   Reply With Quote
Old 10-16-12, 11:24 AM   #3
Rhodes
Silent Hunter
 
Join Date: Aug 2005
Location: Figueira da Foz, Portugal
Posts: 4,515
Downloads: 110
Uploads: 0

Since the morning I got no "attack" messages from the AV and all seems fine, but I am still cautious.
But after seeing this message in the nod32 logs, it may explain how the virus got in, if true:

16-10-2012 10:55:00 Real-time file system protection file C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\chrome.exe Win32/Spy.Zbot.AAO trojan cleaned by deleting - quarantined RHODES\Administrador Event occurred on a new file created by the application: C:\Programas\Java\jre7\bin\java.exe.

Java 7! The browsers may have updated to 7 automatically. From what I read, the 7 version is full of security holes.
Rhodes is offline   Reply With Quote
Old 10-16-12, 11:28 AM   #4
Jimbuna
Chief of the Boat
 
Join Date: Feb 2006
Location: 250 metres below the surface
Posts: 190,473
Downloads: 63
Uploads: 13



Quote:
Say what you want about IE, Microsoft does continuously support their browsers. Even IE6 is still getting patches and fixes (support is ending in 2014 I believe), whereas firefox 15 has been abandoned......
Partly the reason I still use IE and haven't used FF for a few years now.
__________________
Wise men speak because they have something to say; Fools because they have to say something.
Oh my God, not again!!

Jimbuna is offline   Reply With Quote
Old 10-16-12, 11:56 AM   #5
kiwi_2005
Eternal Patrol
 
Join Date: May 2004
Location: Aeoteroa
Posts: 7,382
Downloads: 223
Uploads: 1

I'm using 15.01, got asked to update to 16 the other day but what I've read about v16 made me cancel it.
__________________
RIP kiwi_2005



Those who can't laugh at themselves leave the job to others.



kiwi_2005 is offline   Reply With Quote
Old 10-16-12, 11:58 AM   #6
GT182
Ocean Warrior
 
Join Date: May 2005
Location: New Castle of Delaware
Posts: 3,231
Downloads: 658
Uploads: 0

I got FF 16 2 days ago and tried it. Uninstalled 3 hours later, the same day.
__________________
Gary

No Borders, No Language, No Culture =s No Country

I'm a Deplorable, and proud of it.
GT182 is offline   Reply With Quote
Old 10-16-12, 12:15 PM   #7
Skybird
Soaring
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,603
Downloads: 10
Uploads: 0



http://www.subsim.com/radioroom/showthread.php?t=199065

A system once compromised, remains to be compromised forever, no matter what you do in repairs.

The only reasonable option is to format and reinstall, either manually or by an old, beyond-doubt image. What you get in messages that something in cleaning or repairing was successful, is just this: a message by the corrupted system. You can never be sure whether you can trust that message or not.

When you get hit by infections, there is only one thing to do: format and reinstall.

I'm happy that when I left Explorer some weeks ago due to the explorer heavy security leak back then, I went for Opera. Only Chrome I also considered, but it has greater market share which makes it more attractive an object of attacks, and I did not wish to constantly mod against privacy abuse by Google, which is an issue with Chrome.

Explorer 9 is better than its reputation. But due to its market share, it attracts many attacks. So does Firefox. So does Chrome.

Opera has only 2% or less in market share. Maybe I should stop advertising it, so that it may stay like that for a long time to come.

Also: use a sandbox. Use a payware firewall-anti-virus suite. Use an additional malware scanner - the good ones are optimized for running along virus scanners, and they find stuff the AV does not. The three or four problems I had in past years, all were triggered not by my AV, but the malware scanner. Switch off ActiveX, cookies, Java, be very careful what kind of active scripting to allow.

The more comfortable your browser is tuned, the more unsecure it is.
__________________
If you feel nuts, consult an expert.
Skybird is offline   Reply With Quote
Old 10-16-12, 12:18 PM   #8
Skybird
Soaring
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,603
Downloads: 10
Uploads: 0



Quote:
Originally Posted by Rhodes View Post
16-10-2012 10:55:00 Real-time file system protection file C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\chrome.exe Win32/Spy.Zbot.AAO trojan cleaned by deleting - quarantined RHODES\Administrador Event occurred on a new file created by the application: C:\Programas\Java\jre7\bin\java.exe.

Java 7! The browsers may have updated to 7 automatically. From what I read, the 7 version is full of security holes.
http://www.subsim.com/radioroom/showthread.php?t=198237

You must have missed my Java alert some weeks ago. Java always is a big security risk. Deinstall it. Also note that even when upgrading to newer versions, the old versions often stay unnoticed in your system, still representing open security breaches.
__________________
If you feel nuts, consult an expert.
Skybird is offline   Reply With Quote
Old 10-16-12, 12:31 PM   #9
Rhodes
Silent Hunter
 
Join Date: Aug 2005
Location: Figueira da Foz, Portugal
Posts: 4,515
Downloads: 110
Uploads: 0

No, I did not miss it, but for some reason, the update was automatic, because I can do did any update on java. The java 6 that I had was version 22 and now is in version 35.

Possibly tomorrow it will format c: and so on!
Rhodes is offline   Reply With Quote

All times are GMT -5.